553b33af47e74c7e01a0307bc03e46115439a27783998a1ddd7d0d50dab2d90b

General

Target

0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
Size

80KB
MD5

0ddefb8b72b325f5f51e7714beb8b590
SHA1

0b29fbdaba346e0b4bae7e1c1d3b9bcee3b6096d
SHA256

553b33af47e74c7e01a0307bc03e46115439a27783998a1ddd7d0d50dab2d90b
SHA512

6fa12cd8881180104ab6f0b696b6af50a981ac1f0d07546576641615fd9a56ddcb7b335cbeea8e7f110dd7d08574ea99e8e050dafb30f2aa5f73ea1103789a10
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1687) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationClientSideProviders.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Primitives.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationUI.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Encoding.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Accessibility.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero2.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationClient.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\netstandard.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Luna.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationUI.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\PresentationFramework.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Forms.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Forms.Design.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.Linq.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-runtime-l1-1-0.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationFramework.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationClientSideProviders.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\ReachFramework.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\WindowsBase.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Accessibility.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\ReachFramework.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Luna.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\WindowsBase.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\GetResize.wmf.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Drawing.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Intrinsics.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemXmlLinq.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationFramework.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\PresentationFramework.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.JavaScript.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\UIAutomationTypes.resources.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.Core.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3104 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
80KB

MD5
545de81253ca704c299564c3e6144492

SHA1
f40338b48e2ea49f5be5025176a740951415a60a

SHA256
2bba8829f6b6442ef68871597878966c195371498adff9754f8b82be0d0dc6c8

SHA512
abc2bf6741b387b57dbbd0cf619261e27196af921efc9d771a1ba42c42df771505c8f5ff41df1560ed371dbd0b973ed71e57263aaa6aca87c8b44447d04f794a

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
80KB

MD5
08ed5150fc786d19b47c6064bd9ffe2f

SHA1
6e28483fb8f12fe7149d11f079d6297a1f002145

SHA256
eee269102b287bc4277ea8cc76043cd509aa149cddb4cd29e951ba290fea05d4

SHA512
e65c27f5e9f19bbc5fda60fe56ef3dc66059e0fce887f9e5a3891be82977b11782c95fdc18a1049440f8ee8b405e445f74e243c3a4a724567d70474ec9cfbdd6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads